The Crypto Cat is Out of the Bag

An Illustrative Inventory of Widely-Available Encryption Applications

Ever since the Paris attacks, there have been renewed calls by several U.S. law enforcement officials for U.S. companies like Apple and Facebook to weaken the security of their strongly encrypted messaging services such as iMessage and WhatsApp. Those officials, including FBI Director James Comey, warn that unless companies redesign their secure services to allow for government surveillance, terrorists may use these tools to evade detection.

As we’ve noted many times before, we think weakening the encryption in U.S. products is a bad idea for countless reasons. One of those reasons is the simple fact that bad guys can and do and will use other encryption tools to secure their communications, including freely available open source tools, tools offered by companies outside the U.S., and tools that they code themselves, outside the reach of U.S. regulators. This short paper is meant to highlight that point, by providing some basic data about the many widely available crypto tools that will continue to be available and widely used no matter what the U.S. government or U.S. companies do.

We’re releasing a rough version of this paper today in anticipation of Director Comey’s testimony on Capitol Hill tomorrow at the Senate Judiciary Committee, where encryption will likely come up, as well as a classified briefing from the FBI on encryption that will be taking place tomorrow in the House of Representatives.

You can download the final version here.


Authors:

Ross Schulman is a senior counsel and senior policy technologist at New America’s Open Technology Institute.

Kevin Bankston is the director of New America’s Open Technology Institute, where he works in the public interest to ensure that all communities have equitable access to an internet that is both open and secure. He previously served as OTI's policy director.

Jake Laperruque is an Open Technology Institute fellow. He writes on government surveillance and security issues.